Before creating the log I uninstalled all the Norton junk and noticed a marked improvement in speed. Then I also ran CCleaner over the system.
I would like to know what state the system is in now. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:50, on 2.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsear ... iF.xaAa1RQ
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{02CC2D9F-6AE9-409C-A38A-9FD7B47D7309}: NameServer = 100.111.123.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02CC2D9F-6AE9-409C-A38A-9FD7B47D7309}: NameServer = 100.111.123.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7886 bytes
Log check - please (Solved)
- jaro3
- member of the Security team
Re: Log check - please
Close other applications and browsers, disconnect from the internet, and fix these in HJT:
Guide
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsear ... iF.xaAa1RQ
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O13 - Gopher Prefix:
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes a message appears, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check - please
In HJT I could not fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
on the next scan they show up again right away.
Instead of ATF I had already used CCleaner (I hope they work the same?)
And here is the log from MBAM:
Malwarebytes' Anti-Malware 1.41
Verze databáze: 3094
Windows 6.0.6002 Service Pack 2
3.11.2009 21:08:43
mbam-log-2009-11-03 (21-08-38).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 92079
Uplynulý čas: 11 minute(s), 10 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 13
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
- jaro3
- member of the Security team
Re: Log check - please
Not exactly the same, similarly..
So run MbAM again and choose Scan
- when the program finishes a message appears, so click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log is displayed, so post it here.
- then choose OK in the program and close the program via Exit
You can then paste the MbAM log here.
Turn off the resident protection in AVG.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan completes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
I'll take a look tomorrow..
Re: Log check - please
So here are the logs. Thanks
Malwarebytes' Anti-Malware 1.41
Verze databáze: 3094
Windows 6.0.6002 Service Pack 2
3.11.2009 22:28:37
mbam-log-2009-11-03 (22-28-37).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 92015
Uplynulý čas: 6 minute(s), 48 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 13
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
ComboFix 09-11-03.01 - Alenka 03.11.2009 23:00.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1919.1196 [GMT 1:00]
Spuštěný z: c:\users\Alenka\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2529358165-4165852777-575024548-500
C:\desktop.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-03 do 2009-11-03 )))))))))))))))))))))))))))))))
.
2009-11-03 22:26 . 2009-11-03 22:26 -------- d-----w- c:\users\Alenka\AppData\Local\temp
2009-11-03 22:26 . 2009-11-03 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-03 19:55 . 2009-11-03 19:55 -------- d-----w- c:\users\Alenka\AppData\Roaming\Malwarebytes
2009-11-03 19:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 19:54 . 2009-11-03 19:54 -------- d-----w- c:\programdata\Malwarebytes
2009-11-03 19:54 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 19:54 . 2009-11-03 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\ca-ES
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\eu-ES
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\vi-VN
2009-11-03 10:06 . 2009-11-03 10:06 -------- d-----w- c:\windows\system32\EventProviders
2009-11-02 21:49 . 2009-11-02 21:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-02 21:49 . 2009-11-02 21:49 -------- d-----w- c:\users\Alenka\SystemRequirementsLab
2009-11-02 20:27 . 2009-11-02 20:27 -------- d-----w- c:\program files\Trend Micro
2009-11-02 20:12 . 2009-11-02 20:12 -------- d-----w- c:\program files\CCleaner
2009-11-02 20:02 . 2009-11-02 20:02 -------- d--h--w- c:\windows\PIF
2009-11-01 12:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-01 12:18 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 10:52 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-25 10:50 . 2009-04-11 06:28 2241536 ----a-w- c:\windows\system32\msi.dll
2009-10-25 10:49 . 2009-04-11 06:28 88064 ----a-w- c:\windows\system32\fdBth.dll
2009-10-25 10:47 . 2009-04-11 06:32 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-10-25 10:46 . 2009-04-11 06:28 114688 ----a-w- c:\windows\system32\imm32.dll
2009-10-25 10:45 . 2009-04-11 06:28 39936 ----a-w- c:\windows\system32\networkitemfactory.dll
2009-10-25 10:44 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-25 10:44 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-25 10:44 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-25 10:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-25 10:44 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-25 10:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-25 10:44 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-25 10:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-25 10:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-25 10:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-25 10:42 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-24 11:54 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-24 11:54 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 11:54 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-24 11:51 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-24 11:51 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-24 11:12 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-24 11:01 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-24 11:01 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 21:37 . 2007-04-21 11:18 615270 ----a-w- c:\windows\system32\perfh005.dat
2009-11-03 21:37 . 2007-04-21 11:18 120798 ----a-w- c:\windows\system32\perfc005.dat
2009-11-03 21:29 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-03 21:28 . 2008-06-24 15:37 -------- d-----w- c:\program files\ICQToolbar
2009-11-03 10:48 . 2007-12-29 22:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-03 10:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-02 20:38 . 2008-05-05 08:16 -------- d-----w- c:\program files\AskTBar
2009-11-02 20:24 . 2007-12-29 22:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-02 20:23 . 2007-12-29 22:02 -------- d-----w- c:\programdata\Symantec
2009-10-25 01:08 . 2007-12-30 09:26 -------- d-----w- c:\programdata\Microsoft Help
2009-10-10 10:18 . 2008-01-02 13:03 -------- d-----w- c:\program files\Canon
2009-10-10 07:15 . 2008-03-03 19:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-10 07:15 . 2008-03-03 19:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-10 07:15 . 2008-03-03 19:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-01 08:29 . 2009-10-04 15:06 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-10 21:41 . 2008-06-15 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 20:05 . 2007-12-29 13:45 99864 ----a-w- c:\users\Alenka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-08 18:19 . 2008-02-02 15:29 -------- d-----w- c:\program files\Microsoft Works
2009-09-05 11:59 . 2009-06-18 17:17 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-08-29 00:27 . 2009-09-03 18:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 18:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 17:58 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 17:58 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 17:58 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 17:58 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 17:58 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 17:58 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 17:58 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 17:58 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 17:58 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 17:58 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 17:58 105984 ----a-w- c:\windows\system32\netiohlp.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:08 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-01-08 1331024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-06-26 778240]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Alenka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Alenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):07,e2,e1,d5,72,5c,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [3.3.2008 20:31 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [26.10.2008 8:20 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3.3.2008 20:31 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26.10.2008 8:20 108552]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 20:25 58608]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18.1.2009 8:17 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [18.6.2009 18:12 1370488]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [29.12.2007 23:25 24576]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\System32\drivers\l260x86.sys [29.12.2007 23:25 28672]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [29.12.2007 23:25 1260672]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [18.1.2008 15:08 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [18.1.2008 15:08 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [18.1.2008 15:08 38784]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{3E0DED45-45B0-4EFD-B283-9F1B35715575}.job
- c:\windows\system32\msfeedssync.exe [2008-06-03 07:33]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {02CC2D9F-6AE9-409C-A38A-9FD7B47D7309} = 100.111.123.1
FF - ProfilePath - c:\users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\vh4ezyj0.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 23:26
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-11-03 23:31
ComboFix-quarantined-files.txt 2009-11-03 22:31
Před spuštěním: Volných bajtů: 62 502 690 816
Po spuštění: Volných bajtů: 62 242 521 088
Malwarebytes' Anti-Malware 1.41
Verze databáze: 3094
Windows 6.0.6002 Service Pack 2
3.11.2009 22:28:37
mbam-log-2009-11-03 (22-28-37).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 92015
Uplynulý čas: 6 minute(s), 48 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 13
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
jaro3 (member of the Security team)
Re: Log check - please
Uninstall:
ICQToolbar
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
Note: Do not use the SELECT ALL function to mark the script.
KillAll::
File::
c:\windows\bthservsdp.dat
c:\windows\system32\acovcnt.exe
Folder::
c:\program files\ICQToolbar
c:\program files\AskTBar
c:\program files\Common Files\Symantec Shared
c:\programdata\Symantec
Registry::
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT
Test this on Virustotal
c:\windows\system32\wbem\repdrvfs.dll
Then paste the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check - please
So here are the logs, and I have one more question: my keyboard shortcuts via Fn have stopped working (turning wifi and bluetooth on/off, volume control, ...). I have an Asus notebook. Will I fix it by installing something from the Asus website? Thanks
Oh, and that file was OK on VirusTotal.
ComboFix 09-11-03.01 - Alenka 04.11.2009 21:51.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1919.999 [GMT 1:00]
Spuštěný z: c:\users\Alenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alenka\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\bthservsdp.dat"
"c:\windows\system32\acovcnt.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskTBar
c:\program files\AskTBar\bar\History\search2
c:\program files\AskTBar\PopSwatr\History\allowed
c:\program files\AskTBar\PopSwatr\History\notallow
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\newversion.txt
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
c:\programdata\Symantec
c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql.bin
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\CATALOG.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\CCERASER.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ECBOOTIL.VXD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ECMSVR32.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\EECTRL.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.GRD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.SIG
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.SPM
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ESRDEF.BIN
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\HH
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG.EXP
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG.VXD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG32.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX15.EXP
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX15.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX15.VXD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX32A.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NCSACERT.TXT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SCRAUTH.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMAVENG.CAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMAVENG.INF
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMERASE.CAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMERASE.INF
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCDEFS.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCSCAN7.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCSCAN8.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCSCAN9.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TECHNOTE.TXT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TINF.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TINFIDX.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TINFL.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TSCAN1.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TSCAN1HD.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\V.GRD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\V.SIG
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN.INF
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN1.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN2.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN3.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN4.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN5.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN6.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN7.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN8.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN9.DAT
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
c:\windows\bthservsdp.dat
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-04 do 2009-11-04 )))))))))))))))))))))))))))))))
.
2009-11-04 21:02 . 2009-11-04 21:06 -------- d-----w- c:\users\Alenka\AppData\Local\temp
2009-11-04 21:02 . 2009-11-04 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-03 19:55 . 2009-11-03 19:55 -------- d-----w- c:\users\Alenka\AppData\Roaming\Malwarebytes
2009-11-03 19:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 19:54 . 2009-11-03 19:54 -------- d-----w- c:\programdata\Malwarebytes
2009-11-03 19:54 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 19:54 . 2009-11-03 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\ca-ES
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\eu-ES
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\vi-VN
2009-11-03 10:06 . 2009-11-03 10:06 -------- d-----w- c:\windows\system32\EventProviders
2009-11-02 21:49 . 2009-11-02 21:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-02 21:49 . 2009-11-02 21:49 -------- d-----w- c:\users\Alenka\SystemRequirementsLab
2009-11-02 20:27 . 2009-11-02 20:27 -------- d-----w- c:\program files\Trend Micro
2009-11-02 20:12 . 2009-11-02 20:12 -------- d-----w- c:\program files\CCleaner
2009-11-02 20:02 . 2009-11-02 20:02 -------- d--h--w- c:\windows\PIF
2009-11-01 12:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-01 12:18 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 10:52 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-25 10:50 . 2009-04-11 06:28 2241536 ----a-w- c:\windows\system32\msi.dll
2009-10-25 10:49 . 2009-04-11 06:28 88064 ----a-w- c:\windows\system32\fdBth.dll
2009-10-25 10:47 . 2009-04-11 06:32 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-10-25 10:46 . 2009-04-11 06:28 114688 ----a-w- c:\windows\system32\imm32.dll
2009-10-25 10:45 . 2009-04-11 06:28 39936 ----a-w- c:\windows\system32\networkitemfactory.dll
2009-10-25 10:44 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-25 10:44 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-25 10:44 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-25 10:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-25 10:44 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-25 10:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-25 10:44 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-25 10:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-25 10:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-25 10:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-25 10:42 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-24 11:54 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-24 11:54 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 11:54 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-24 11:51 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-24 11:51 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-24 11:12 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-24 11:01 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-24 11:01 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 19:59 . 2007-12-29 21:54 -------- d-----w- c:\programdata\ASUS
2009-11-04 19:47 . 2007-04-21 11:18 615270 ----a-w- c:\windows\system32\perfh005.dat
2009-11-04 19:47 . 2007-04-21 11:18 120798 ----a-w- c:\windows\system32\perfc005.dat
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-03 10:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-25 01:08 . 2007-12-30 09:26 -------- d-----w- c:\programdata\Microsoft Help
2009-10-10 10:18 . 2008-01-02 13:03 -------- d-----w- c:\program files\Canon
2009-10-10 07:15 . 2008-03-03 19:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-10 07:15 . 2008-03-03 19:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-10 07:15 . 2008-03-03 19:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-01 08:29 . 2009-10-04 15:06 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-10 21:41 . 2008-06-15 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 20:05 . 2007-12-29 13:45 99864 ----a-w- c:\users\Alenka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-08 18:19 . 2008-02-02 15:29 -------- d-----w- c:\program files\Microsoft Works
2009-08-29 00:27 . 2009-09-03 18:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 18:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 17:58 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 17:58 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 17:58 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 17:58 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 17:58 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 17:58 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 17:58 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 17:58 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 17:58 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 17:58 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 17:58 105984 ----a-w- c:\windows\system32\netiohlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-03_22.27.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-04 02:07 . 2009-11-04 02:07 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1f48aa633e1390542786d1f4aadf4d9c\System.Workflow.Runtime.ni.dll
+ 2009-11-04 02:07 . 2009-11-04 02:07 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ea04089f9339c24a5b9049f225d644d6\System.Workflow.ComponentModel.ni.dll
+ 2009-11-04 02:07 . 2009-11-04 02:07 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d0cab30213f071a1d29756cc384b1c40\System.Workflow.Activities.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3ac86230f8672732e33a9607b9d850c0\System.Web.Services.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\40409c8e5284e8a59e3ea9d2969be855\System.Web.Mobile.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\84f6711a2dcbe862949b0d01ac8568ba\System.Web.Extensions.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\a9bb974635790a38d3530b441a9c93cc\System.Speech.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1c98099c39a6925b6292b7f00c3010a5\System.ServiceModel.Web.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d70a3a621f0536c8cb151dc4775d3409\System.Runtime.Serialization.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\3e90149cc7c633d9a631839308bb9bc3\System.Printing.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\22c0c18be8858e433fe561c693a2c556\System.IdentityModel.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f8f2dbea11afbca27219a6aca87a60f9\System.DirectoryServices.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4edeee9bfffbaea5bc43ebdac1db3580\System.Deployment.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\74114632794c536c35d28a5c60f694ab\System.Data.ni.dll
+ 2009-11-04 02:08 . 2009-11-04 02:08 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\84b5a57d2a24d4fdda2f25e93fdd4c65\System.Data.SqlXml.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\96217e2185e9b019a4a8d78e43be3124\System.Data.Services.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\b4fecb0f2495c3ac69d59cc207d2734d\System.Data.OracleClient.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\70de236a6b9a2ddf910f719c4c679226\System.Data.Linq.ni.dll
+ 2009-11-04 02:14 . 2009-11-04 02:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ea5d154e33f61d3d949efae409d02356\System.Data.Entity.ni.dll
+ 2009-11-04 02:05 . 2009-11-04 02:05 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\670d343c8b3213883fa70837195f7f81\System.Core.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\316de585c1205c92cf4b0a70fa34c874\ReachFramework.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\52d83973b6c5886042800865d5321ef9\PresentationUI.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\03a073b4f13b073e27c0b2c8629fa7b8\PresentationBuildTasks.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\6d984081192a52d32ed475100a28b6c5\Narrator.ni.exe
+ 2009-11-04 02:12 . 2009-11-04 02:12 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\8de0a36d04d521a7287537f5d90f9c66\MMCEx.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\cdbb5f1840a16aea2579a03a61ab56a2\MIGUIControls.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e3d4c11809bddd2154fe7b704695e070\Microsoft.VisualBasic.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e39b79c69a798731568441a7d2fe90b6\Microsoft.Transactions.Bridge.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\edbd7d666fb3b01d2eb15a9b86c75e40\Microsoft.MediaCenter.UI.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a385166106bab1601126773d27135895\Microsoft.JScript.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\8685307d6582feb851388fff44046b56\Microsoft.Ink.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d02204eeabd2364b82eeaca997636b83\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c3369952e0cde298bed8a00aa548123d\Microsoft.Build.Tasks.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\0c3e11851cedaf97c03a74131b5f9293\Microsoft.Build.Engine.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 1732608 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\e6b488913d24a333cdb8b0dde82eed76\ehRecObj.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 2130432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\f5d8c5451c6a49960dc7cde827d4909f\ehepg.ni.dll
- 2009-10-25 10:51 . 2009-03-30 04:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7742aef93bc3679a986cb5dab148cd76\System.Web.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 17328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\830b346e51c9671cacaa75c4fd9bcfb3\System.ServiceModel.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\1097f0aba9cd9bdb9295ab05ca7e68b8\System.Design.ni.dll
+ 2009-11-04 02:05 . 2009-11-04 02:05 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\394fd96b27f367e6ffb13bc8c35fdcb2\PresentationFramework.ni.dll
+ 2009-11-04 02:04 . 2009-11-04 02:04 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\bfbe98e8737c97d8c938275ceca2b1d8\PresentationCore.ni.dll
+ 2009-11-04 02:03 . 2009-11-04 02:03 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 11587584 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\a2a3779d05fd2f244006562903f3bd37\ehshell.ni.dll
+ 2009-05-11 22:17 . 2009-11-04 02:02 240970626 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-01-08 1331024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-06-26 778240]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Alenka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Alenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):07,e2,e1,d5,72,5c,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [3.3.2008 20:31 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [26.10.2008 8:20 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3.3.2008 20:31 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26.10.2008 8:20 108552]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 20:25 58608]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18.1.2009 8:17 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [18.6.2009 18:12 1370488]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [29.12.2007 23:25 24576]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\System32\drivers\l260x86.sys [29.12.2007 23:25 28672]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [29.12.2007 23:25 1260672]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [18.1.2008 15:08 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [18.1.2008 15:08 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [18.1.2008 15:08 38784]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{3E0DED45-45B0-4EFD-B283-9F1B35715575}.job
- c:\windows\system32\msfeedssync.exe [2008-06-03 07:33]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {02CC2D9F-6AE9-409C-A38A-9FD7B47D7309} = 100.111.123.1
FF - ProfilePath - c:\users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\vh4ezyj0.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2009-11-04 22:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-04 21:13
ComboFix2.txt 2009-11-03 22:31
Před spuštěním: Volných bajtů: 60 929 937 408
Po spuštění: Volných bajtů: 60 724 989 952
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:35, on 4.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\ComboFix\CF11893.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\notepad.exe
C:\ComboFix\handle.cfxxe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02CC2D9F-6AE9-409C-A38A-9FD7B47D7309}: NameServer = 100.111.123.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02CC2D9F-6AE9-409C-A38A-9FD7B47D7309}: NameServer = 100.111.123.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6110 bytes
Oh, and that file came back OK on VirusTotal.
ComboFix 09-11-03.01 - Alenka 04.11.2009 21:51.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1919.999 [GMT 1:00]
Spuštěný z: c:\users\Alenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alenka\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\bthservsdp.dat"
"c:\windows\system32\acovcnt.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskTBar
c:\program files\AskTBar\bar\History\search2
c:\program files\AskTBar\PopSwatr\History\allowed
c:\program files\AskTBar\PopSwatr\History\notallow
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\newversion.txt
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
c:\programdata\Symantec
c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql.bin
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\CATALOG.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\CCERASER.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ECBOOTIL.VXD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ECMSVR32.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\EECTRL.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.GRD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.SIG
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.SPM
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ERASER.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\ESRDEF.BIN
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\HH
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG.EXP
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG.VXD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVENG32.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX15.EXP
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX15.SYS
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX15.VXD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NAVEX32A.DLL
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\NCSACERT.TXT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SCRAUTH.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMAVENG.CAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMAVENG.INF
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMERASE.CAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\SYMERASE.INF
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCDEFS.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCSCAN7.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCSCAN8.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TCSCAN9.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TECHNOTE.TXT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TINF.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TINFIDX.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TINFL.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TSCAN1.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\TSCAN1HD.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\V.GRD
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\V.SIG
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN.INF
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN1.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN2.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN3.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN4.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN5.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN6.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN7.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN8.DAT
c:\programdata\Symantec\Definitions\VirusDefs\20080203.006\VIRSCAN9.DAT
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
c:\windows\bthservsdp.dat
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-04 do 2009-11-04 )))))))))))))))))))))))))))))))
.
2009-11-04 21:02 . 2009-11-04 21:06 -------- d-----w- c:\users\Alenka\AppData\Local\temp
2009-11-04 21:02 . 2009-11-04 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-03 19:55 . 2009-11-03 19:55 -------- d-----w- c:\users\Alenka\AppData\Roaming\Malwarebytes
2009-11-03 19:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 19:54 . 2009-11-03 19:54 -------- d-----w- c:\programdata\Malwarebytes
2009-11-03 19:54 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 19:54 . 2009-11-03 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\ca-ES
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\eu-ES
2009-11-03 10:34 . 2009-11-03 10:37 -------- d-----w- c:\windows\system32\vi-VN
2009-11-03 10:06 . 2009-11-03 10:06 -------- d-----w- c:\windows\system32\EventProviders
2009-11-02 21:49 . 2009-11-02 21:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-02 21:49 . 2009-11-02 21:49 -------- d-----w- c:\users\Alenka\SystemRequirementsLab
2009-11-02 20:27 . 2009-11-02 20:27 -------- d-----w- c:\program files\Trend Micro
2009-11-02 20:12 . 2009-11-02 20:12 -------- d-----w- c:\program files\CCleaner
2009-11-02 20:02 . 2009-11-02 20:02 -------- d--h--w- c:\windows\PIF
2009-11-01 12:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-01 12:18 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 10:52 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-25 10:50 . 2009-04-11 06:28 2241536 ----a-w- c:\windows\system32\msi.dll
2009-10-25 10:49 . 2009-04-11 06:28 88064 ----a-w- c:\windows\system32\fdBth.dll
2009-10-25 10:47 . 2009-04-11 06:32 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-10-25 10:46 . 2009-04-11 06:28 114688 ----a-w- c:\windows\system32\imm32.dll
2009-10-25 10:45 . 2009-04-11 06:28 39936 ----a-w- c:\windows\system32\networkitemfactory.dll
2009-10-25 10:44 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-25 10:44 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-25 10:44 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-25 10:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-25 10:44 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-25 10:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-25 10:44 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-25 10:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-25 10:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-25 10:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-25 10:42 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-24 11:54 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-24 11:54 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 11:54 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-24 11:51 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-24 11:51 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-24 11:12 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-24 11:01 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-24 11:01 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 19:59 . 2007-12-29 21:54 -------- d-----w- c:\programdata\ASUS
2009-11-04 19:47 . 2007-04-21 11:18 615270 ----a-w- c:\windows\system32\perfh005.dat
2009-11-04 19:47 . 2007-04-21 11:18 120798 ----a-w- c:\windows\system32\perfc005.dat
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-03 10:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-03 10:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-03 10:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-25 01:08 . 2007-12-30 09:26 -------- d-----w- c:\programdata\Microsoft Help
2009-10-10 10:18 . 2008-01-02 13:03 -------- d-----w- c:\program files\Canon
2009-10-10 07:15 . 2008-03-03 19:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-10 07:15 . 2008-03-03 19:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-10 07:15 . 2008-03-03 19:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-01 08:29 . 2009-10-04 15:06 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-10 21:41 . 2008-06-15 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 20:05 . 2007-12-29 13:45 99864 ----a-w- c:\users\Alenka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-08 18:19 . 2008-02-02 15:29 -------- d-----w- c:\program files\Microsoft Works
2009-08-29 00:27 . 2009-09-03 18:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 18:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 17:58 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 17:58 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 17:58 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 17:58 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 17:58 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 17:58 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 17:58 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 17:58 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 17:58 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 17:58 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 17:58 105984 ----a-w- c:\windows\system32\netiohlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-03_22.27.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-21 10:52 . 2009-11-04 21:06 52464 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-04 21:07 85990 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-29 13:39 . 2009-11-04 19:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-29 13:39 . 2009-11-03 21:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-29 13:39 . 2009-11-04 19:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-29 13:39 . 2009-11-03 21:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-04 02:13 . 2009-11-04 02:13 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\71446066f8f87652fa7303395df566cc\UIAutomationProvider.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f7cfb619815540da7efa7d0ce6cd581c\System.Windows.Presentation.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94a159c32cf1d5ff553e2c12861c7e9f\System.Web.DynamicData.Design.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\fd2d9c558d28fb6fc1d5b650e2aaba6a\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\ef965cf9c5c75294aef56d47f4b0eb26\System.AddIn.Contract.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\6fb97ad4786df4e2a5c0edaa3a284de8\stdole.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\28aa280d39ac935204e8f97b628dd25e\PresentationFontCache.ni.exe
+ 2009-11-04 02:13 . 2009-11-04 02:13 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\32d58b6e9270ca077d0f3e787acd0a37\PresentationCFFRasterizer.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\ec37fe0ddb66e6ed277cc9c83c39e134\napcrypt.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e69555c56ddd01d1e809c1cf9e5cbf93\Microsoft.Vsa.ni.dll
+ 2009-11-04 02:08 . 2009-11-04 02:08 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\84dda64a3e7cec7239ede8d5e48b5847\Microsoft.VisualC.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f156806d82a796faf4968b2cb872141d\Microsoft.Build.Framework.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2990c6a100dc31f3a36bd8c2afafa92b\Microsoft.Build.Framework.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\c06ed1ec9b9930295dd73986fe660559\loadmxf.ni.exe
+ 2009-11-04 02:11 . 2009-11-04 02:11 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\9e40e4d9ddeac7b337afb0ab2a45b7c7\ehiUserXp.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\53c8ef024a64e5e6c4a1a4e23db7c753\ehiReplay.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\3c3b9f210946ad30b80aef7c2c61bec1\ehiExtCOM.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\2e777c70743dc2d17184d2c777c98568\ehExtCOM.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\8b295851a21fc513dcb5dbcd9b5385e6\dfsvc.ni.exe
+ 2009-11-04 02:08 . 2009-11-04 02:08 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1bcbcac5237f54c73628936552c55b69\Accessibility.ni.dll
+ 2007-12-29 13:44 . 2009-11-04 21:07 9986 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2529358165-4165852777-575024548-1000_UserData.bin
+ 2009-11-04 21:04 . 2009-11-04 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-03 21:31 . 2009-11-03 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-03 21:31 . 2009-11-03 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-04 21:04 . 2009-11-04 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-04 02:02 . 2009-09-04 06:59 388920 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.22219_none_fcfe427e14d1391e\SOS.dll
+ 2009-11-04 02:02 . 2009-09-04 06:59 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.18107_none_13cb1683fb2a8c7f\SOS.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 989528 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.22219_none_142ffabd20dc5d09\mscordacwks.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 989000 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.18107_none_2afccec30735b06a\mscordacwks.dll
+ 2009-10-25 10:45 . 2009-03-31 18:04 303104 c:\windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6002.22219_cs-cz_201ac9c797750407\mscorlib.resources.dll
+ 2009-10-25 10:45 . 2009-03-31 18:04 303104 c:\windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6002.18107_cs-cz_36e79dcd7dce5768\mscorlib.resources.dll
+ 2008-01-02 18:49 . 2009-11-04 19:42 323464 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2007-12-29 14:45 . 2009-11-04 08:17 341956 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-11-03 21:37 594776 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-04 19:47 594776 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-03 21:37 106596 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-11-04 19:47 106596 c:\windows\System32\perfc009.dat
- 2007-12-29 13:39 . 2009-11-03 21:31 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-29 13:39 . 2009-11-04 19:43 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-25 10:49 . 2009-03-30 04:42 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2009-11-04 02:02 . 2009-09-04 06:59 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-10-25 10:51 . 2009-03-30 04:42 989000 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 989000 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e238b43f36388fcb7c57b80bdc1f7d62\WsatConfig.ni.exe
+ 2009-11-04 02:16 . 2009-11-04 02:16 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\8f9e7faa17ad97b10b90647dc804bd02\WindowsFormsIntegration.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\4609787a9b076765ecb68581a25df450\UIAutomationTypes.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\a7b063c683276e3a82a58ba41c52df12\UIAutomationClient.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\254b382cfc56f408ee61524805812f29\TaskScheduler.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0eae6266b8c2becb2131349055187233\System.Xml.Linq.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\9ab2b63a74f18bded73c752dfad29b7b\System.Web.Routing.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67190e73b89e98b6488dcf6af49c216f\System.Web.RegularExpressions.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c6abb45c13e5b9122696522bec0d2ecf\System.Web.Extensions.Design.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\eaa2ae0c44f344b227b2c382c846f7a4\System.Web.Entity.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\5c0af069194b9d1f5d6ee63dbb90ee8d\System.Web.Entity.Design.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\03efddc7dbc191f65c0b343666f27026\System.Web.DynamicData.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\f064a5d32c3dbf54f7e6923b3cba5f35\System.Web.Abstractions.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5790f8446c866b543ab1740fd27aaec5\System.Transactions.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b0d40c6d0fc00ba251010b710ca452a6\System.ServiceProcess.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3bf0444969d6c9bf5e3106c9aa59c1d0\System.Security.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f91c1865b06602c72f0efc99a0d4634a\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\23ca5e14f05c37fb49bc0df6521a314e\System.Net.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9c037a2101174ed32002e0d492504573\System.Messaging.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3554229f9241c34b5acd5061bb7a9b6\System.Management.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\072654567a9c8a9788fc1dc3c36ecfc7\System.Management.Instrumentation.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\f5ec612354e6e5abf31cf67ac57698e2\System.IO.Log.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\6fac519fcb4fe727abbd0e00b5ed358d\System.IdentityModel.Selectors.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.Wrapper.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cf90c37ebdf793f7d485cdf1461cefd7\System.Drawing.Design.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\384bafb2a4f81a682eb2ae2c7fea976b\System.DirectoryServices.Protocols.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\34472e4436b3e385c07ee148575e09f6\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e7535982e4bf2036e9e7269641b7be96\System.Data.Services.Client.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d8591d22020c2da6180edf325b1a5d06\System.Data.Services.Design.ni.dll
+ 2009-11-04 02:14 . 2009-11-04 02:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6a8e0561391bca5f520ea52bd10130dd\System.Data.Entity.Design.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\75651a5359122974884b64b98dc1af0f\System.Data.DataSetExtensions.ni.dll
+ 2009-11-04 02:08 . 2009-11-04 02:08 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\78aac991cacbc9665c628f5466cec9c1\System.Configuration.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\97b0e9c797db7eb8c7e15a81d88b0f1f\System.Configuration.Install.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\de36037cdb70cd63979b9642fe1e916a\System.AddIn.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\723e877d7b2a6ef55f2ae48ce7c1ee09\sysglobl.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0e2d201c84bf5d3207ff863642cd9aae\SMSvcHost.ni.exe
+ 2009-11-04 02:10 . 2009-11-04 02:10 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\0813dc1488145bd9dd8547099ade2caf\SMDiagnostics.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\927f3f5537ce459700658426fe372255\ServiceModelReg.ni.exe
+ 2009-11-04 02:05 . 2009-11-04 02:05 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a409c40a6067264d0592415fcfc266d\PresentationFramework.Luna.ni.dll
+ 2009-11-04 02:05 . 2009-11-04 02:05 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\54e0042aba64d42f476234184b1b8f77\PresentationFramework.Classic.ni.dll
+ 2009-11-04 02:05 . 2009-11-04 02:05 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ae3d45b608b6e0fcb51d3a903563621\PresentationFramework.Royale.ni.dll
+ 2009-11-04 02:05 . 2009-11-04 02:05 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0fa8eb806fadfff925850522a53c3c18\PresentationFramework.Aero.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\b4b826189fd5456365147b7b09e85a36\napsnap.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\67f068987514ee7cafd3d78f3a0c1d03\napinit.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\fb54f69405c0a16d69c0ff218b8b226c\naphlpr.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\f5f5c57412a953a4cf89bef422dde61a\MSBuild.ni.exe
+ 2009-11-04 02:12 . 2009-11-04 02:12 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\49c2fd76ae8103221e9342bdba6c9c8d\MMCFxCommon.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7d051e6ee6923e5db3ccab7a275f0812\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 659968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\cd3cb0a0113a7ccccff31da63487ede7\Microsoft.MediaCenter.Sports.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 227840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\42794bc8e41260b935b11c24f7b36916\Microsoft.MediaCenter.Shell.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\20c04c834cf047afa7256415151818a8\Microsoft.MediaCenter.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\89756299b1ce3b6cc00b69d39685ab1b\Microsoft.ManagementConsole.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\8c80eafc04a20c51f6009ddd7920fbc1\Microsoft.Build.Utilities.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6766c368a48789e57637e36681e397ce\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e32b8f3a1267236ca7f2bd9606e67ffd\Microsoft.Build.Engine.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\5a16c39ea69c4ddcaa76b9b2f5c70ef7\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 238592 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\5c546e94a6ce162317a9c41298c07b98\Mcx2Dvcs.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 254976 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\c00d89371d1e93f341bef3ec8e889ef5\mcupdate.ni.exe
+ 2009-11-04 02:11 . 2009-11-04 02:11 225280 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\d766ca6bde8ee7051ddc96d713d776cd\mcstoredb.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 641536 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\d6bf92ec4c3c212e4323bf15386be21a\mcstore.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\2bcdc9c4b2d9b6fe5f34b2556d937b1d\EventViewer.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 103936 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\9bbb6b6e4992b9aef63f5f299d479a9d\ehiWUapi.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 338432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\94f6a3674e8f4e4e8fa82e4e93bb4094\ehiwmp.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 797696 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\54c4dad0ab77449a338f9b0e17f7b7d0\ehiVidCtl.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 965632 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\266cdaf9ab6478fe4dfad14dccd6434c\ehiProxy.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 565760 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\ef0016884aa8f2aff3b31dcc02b96ed0\ehiPlay.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\d33a77b9163bfb5a488ed34cea5ef217\ehiExtens.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\6da0bd473a25740c9f037c3c180bd5d2\ehExtHost.ni.exe
+ 2009-11-04 02:11 . 2009-11-04 02:11 305152 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\934e9445770ccc7acac7fb36f6202a0f\ehepgdat.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\2993150a626a90f2bd7853457f9fd6ac\ehCIR.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\11e7010bbb22a78ec4f9310bb5906686\CustomMarshalers.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\8cdd74f26f632d6087e8f79651870033\ComSvcConfig.ni.exe
+ 2009-11-04 02:08 . 2009-11-04 02:08 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\61ee0d5f74301a686fa114678b23149a\BDATunePIA.ni.dll
+ 2009-11-04 02:08 . 2009-11-04 02:08 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\5f5dce4fc044ca88c9be8513d05fd5c6\AspNetMMCExt.ni.dll
+ 2009-11-04 02:02 . 2009-09-04 06:59 5818704 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.22219_none_1b6bd7d648db5136\mscorwks.dll
+ 2009-11-04 02:02 . 2009-09-04 06:59 5812544 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.18107_none_3238abdc2f34a497\mscorwks.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.22219_none_b0c508e8db53ecb1\mscorlib.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.18107_none_c791dceec1ad4012\mscorlib.dll
+ 2009-11-03 19:56 . 2009-10-19 13:49 3602432 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22247_none_158eeb3d388785cb\mshtml.dll
+ 2009-11-03 19:56 . 2009-10-19 13:36 3599872 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18124_none_1517ed6c1f5c621a\mshtml.dll
+ 2009-11-03 19:56 . 2009-10-19 14:09 3586560 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22544_none_13a578773b63e4a2\mshtml.dll
+ 2009-11-03 19:56 . 2009-10-19 14:25 3584000 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18344_none_131bd9c6224647b1\mshtml.dll
+ 2009-11-03 19:56 . 2009-10-19 14:19 3602432 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21142_none_11bd0f793e3f571e\mshtml.dll
+ 2009-11-03 19:56 . 2009-10-19 14:40 3598336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16939_none_11456c7e25131982\mshtml.dll
+ 2006-11-02 10:22 . 2009-11-04 21:03 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-11-03 21:30 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-10-24 11:54 . 2009-08-27 12:39 3599872 c:\windows\System32\mshtml.dll
+ 2009-11-03 19:56 . 2009-10-19 13:36 3599872 c:\windows\System32\mshtml.dll
- 2009-10-25 10:51 . 2009-03-30 04:42 5812544 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-11-04 02:02 . 2009-09-04 06:59 5812544 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2009-10-25 10:51 . 2009-03-30 04:42 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-11-04 20:33 . 2009-11-04 20:33 6471680 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-11-04 02:04 . 2009-11-04 02:04 3314176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c681da7e1c7b648cb456f2d90e7c50fe\WindowsBase.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\2105c56c3fe48843fcb0b488cbe3a9d4\UIAutomationClientsideProviders.ni.dll
+ 2009-11-04 02:04 . 2009-11-04 02:04 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
+ 2009-11-04 02:07 . 2009-11-04 02:07 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6cd20be7cbc4f149f2cb27342632f52e\System.WorkflowServices.ni.dll
+ 2009-11-04 02:07 . 2009-11-04 02:07 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1f48aa633e1390542786d1f4aadf4d9c\System.Workflow.Runtime.ni.dll
+ 2009-11-04 02:07 . 2009-11-04 02:07 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ea04089f9339c24a5b9049f225d644d6\System.Workflow.ComponentModel.ni.dll
+ 2009-11-04 02:07 . 2009-11-04 02:07 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d0cab30213f071a1d29756cc384b1c40\System.Workflow.Activities.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3ac86230f8672732e33a9607b9d850c0\System.Web.Services.ni.dll
+ 2009-11-04 02:16 . 2009-11-04 02:16 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\40409c8e5284e8a59e3ea9d2969be855\System.Web.Mobile.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\84f6711a2dcbe862949b0d01ac8568ba\System.Web.Extensions.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\a9bb974635790a38d3530b441a9c93cc\System.Speech.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1c98099c39a6925b6292b7f00c3010a5\System.ServiceModel.Web.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d70a3a621f0536c8cb151dc4775d3409\System.Runtime.Serialization.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\3e90149cc7c633d9a631839308bb9bc3\System.Printing.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\22c0c18be8858e433fe561c693a2c556\System.IdentityModel.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f8f2dbea11afbca27219a6aca87a60f9\System.DirectoryServices.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4edeee9bfffbaea5bc43ebdac1db3580\System.Deployment.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\74114632794c536c35d28a5c60f694ab\System.Data.ni.dll
+ 2009-11-04 02:08 . 2009-11-04 02:08 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\84b5a57d2a24d4fdda2f25e93fdd4c65\System.Data.SqlXml.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\96217e2185e9b019a4a8d78e43be3124\System.Data.Services.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\b4fecb0f2495c3ac69d59cc207d2734d\System.Data.OracleClient.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\70de236a6b9a2ddf910f719c4c679226\System.Data.Linq.ni.dll
+ 2009-11-04 02:14 . 2009-11-04 02:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ea5d154e33f61d3d949efae409d02356\System.Data.Entity.ni.dll
+ 2009-11-04 02:05 . 2009-11-04 02:05 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\670d343c8b3213883fa70837195f7f81\System.Core.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\316de585c1205c92cf4b0a70fa34c874\ReachFramework.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\52d83973b6c5886042800865d5321ef9\PresentationUI.ni.dll
+ 2009-11-04 02:13 . 2009-11-04 02:13 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\03a073b4f13b073e27c0b2c8629fa7b8\PresentationBuildTasks.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\6d984081192a52d32ed475100a28b6c5\Narrator.ni.exe
+ 2009-11-04 02:12 . 2009-11-04 02:12 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\8de0a36d04d521a7287537f5d90f9c66\MMCEx.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\cdbb5f1840a16aea2579a03a61ab56a2\MIGUIControls.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e3d4c11809bddd2154fe7b704695e070\Microsoft.VisualBasic.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e39b79c69a798731568441a7d2fe90b6\Microsoft.Transactions.Bridge.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\edbd7d666fb3b01d2eb15a9b86c75e40\Microsoft.MediaCenter.UI.ni.dll
+ 2009-11-04 02:15 . 2009-11-04 02:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a385166106bab1601126773d27135895\Microsoft.JScript.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\8685307d6582feb851388fff44046b56\Microsoft.Ink.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d02204eeabd2364b82eeaca997636b83\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-04 02:12 . 2009-11-04 02:12 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c3369952e0cde298bed8a00aa548123d\Microsoft.Build.Tasks.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\0c3e11851cedaf97c03a74131b5f9293\Microsoft.Build.Engine.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 1732608 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\e6b488913d24a333cdb8b0dde82eed76\ehRecObj.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 2130432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\f5d8c5451c6a49960dc7cde827d4909f\ehepg.ni.dll
- 2009-10-25 10:51 . 2009-03-30 04:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-11-04 02:02 . 2009-09-04 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
+ 2009-11-04 02:09 . 2009-11-04 02:09 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7742aef93bc3679a986cb5dab148cd76\System.Web.ni.dll
+ 2009-11-04 02:10 . 2009-11-04 02:10 17328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\830b346e51c9671cacaa75c4fd9bcfb3\System.ServiceModel.ni.dll
+ 2009-11-04 02:06 . 2009-11-04 02:06 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\1097f0aba9cd9bdb9295ab05ca7e68b8\System.Design.ni.dll
+ 2009-11-04 02:05 . 2009-11-04 02:05 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\394fd96b27f367e6ffb13bc8c35fdcb2\PresentationFramework.ni.dll
+ 2009-11-04 02:04 . 2009-11-04 02:04 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\bfbe98e8737c97d8c938275ceca2b1d8\PresentationCore.ni.dll
+ 2009-11-04 02:03 . 2009-11-04 02:03 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
+ 2009-11-04 02:11 . 2009-11-04 02:11 11587584 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\a2a3779d05fd2f244006562903f3bd37\ehshell.ni.dll
+ 2009-05-11 22:17 . 2009-11-04 02:02 240970626 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-01-08 1331024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-06-26 778240]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Alenka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Alenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):07,e2,e1,d5,72,5c,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [3.3.2008 20:31 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [26.10.2008 8:20 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3.3.2008 20:31 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26.10.2008 8:20 108552]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 20:25 58608]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18.1.2009 8:17 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [18.6.2009 18:12 1370488]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [29.12.2007 23:25 24576]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\System32\drivers\l260x86.sys [29.12.2007 23:25 28672]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [29.12.2007 23:25 1260672]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [18.1.2008 15:08 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [18.1.2008 15:08 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [18.1.2008 15:08 38784]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{3E0DED45-45B0-4EFD-B283-9F1B35715575}.job
- c:\windows\system32\msfeedssync.exe [2008-06-03 07:33]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {02CC2D9F-6AE9-409C-A38A-9FD7B47D7309} = 100.111.123.1
FF - ProfilePath - c:\users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\vh4ezyj0.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2009-11-04 22:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-04 21:13
ComboFix2.txt 2009-11-03 22:31
Před spuštěním: Volných bajtů: 60 929 937 408
Po spuštění: Volných bajtů: 60 724 989 952
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:35, on 4.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\ComboFix\CF11893.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\notepad.exe
C:\ComboFix\handle.cfxxe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02CC2D9F-6AE9-409C-A38A-9FD7B47D7309}: NameServer = 100.111.123.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02CC2D9F-6AE9-409C-A38A-9FD7B47D7309}: NameServer = 100.111.123.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6110 bytes
jaro3
member of the Security team
Re: Log check - please
Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG or Avast, then delete T-Cleaner and turn AVG or Avast back on.
As for those problems:
"the keyboard shortcuts via Fn stopped working for me (turning wifi and bluetooth on/off, volume control, ...)" -- use the CD with the notebook drivers and reinstall them, or post the topic in another section.
As far as viruses are concerned, that is everything here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check - please
OK, so thanks a lot for the cooperation.